HIPAA & HITRUST Compliance Assessment Services

Backbone Consultants’ staff of HITRUST certified assessors can guide your organization through the HITRUST self-assessment or certification process. HITRUST’s Common Security Framework (CSF) provides guidance for healthcare organizations, covered entities, business associates, and subcontractors to verify compliance with the Health Insurance Portability and Accountability Act (HIPAA) and other privacy and state-regulated healthcare requirements.


Either as a stand-alone assessment or as part of a SOC2 plus HITRUST attestation, Backbone’s certified cybersecurity and privacy professionals can provide the expertise necessary to implement an effective governance program. An organization’s ability to appropriately secure customer and employee personal identification information (PII) and protected health information (PHI) through effective policies, standards and internal controls is paramount. Backbone’s HIPAA and HITRUST Compliance Assessment Service offering includes:


HIPAA & HITRUST Pre-Assessment Workshop: If requested, Backbone will partner with your organization’s staff before the assessment begins to establish a high-level baseline, or current state, of your compliance with HIPAA and the HITRUST CSF framework. The pre-assessment workshop can take 1-3 days depending on the size of your organization, compliance requirements, and/or scope of the assessment. The purpose of the pre-assessment workshop is to understand the potential resource commitment from your organization to complete the assessment.


HIPAA & HITRUST Readiness Assessment: Backbone will conduct walkthroughs to understand the current state of your HIPAA program and your compliance with the HITRUST CSF framework as you prepare to become HITRUST certified. Your organization has 90 days to complete the official self-assessment or certified report, increasing the value of the readiness assessment. Backbone will work with you to proactively identify any gaps, then develop and implement a solution to correct the deficiencies within a time frame that fits your organization and resource availability. This activity may also be completed in conjunction with the SOC2 readiness assessment, providing cost savings and process efficiencies.


HITRUST CSF Tool: Backbone’s staff has been trained on the HITRUST CSF proprietary IT GRC tool and can guide you and your staff in using it. This tool is required to submit a self-assessment or validated report (with or without certification) to HITRUST. The tool contains the scoping criteria, the assessment domains and statements, communication mechanisms between members of your organization and external audit staff, and the QA and final submission capabilities with HITRUST.


HIPAA & HITRUST Validated Report or Validated Report with Certification: Backbone’s staff of certified assessors can submit the validated report and/or certification to HITRUST for QA and final validation. A CSF-approved assessor must submit the report to HITRUST for it to be considered for certification.


Backbone’s HIPAA & HITRUST Compliance Assessment Services will help ensure your organization is following industry best practices and meeting the required standards to work with organizations that process or contain PII or PHI data. Complying with the HITRUST CSF framework not only provides maturity steps to improve your organization but also delivers assurance to the growing number of organizations requiring this certification before partnering with third-party providers and vendors.